A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
NOTE: Looking at shell scripts written by other people is a very useful skill. The script for this level is intentionally made easy to read. If you are having problems understanding what it does, try executing it to see the debug information it prints.
Commands you may need to solve this level
cron, crontab, crontab(5) (use “man 5 crontab” to access this)
Doing the same thing from last level, we found the following script
cat cronjob_bandit23 * * * * * bandit23 /usr/bin/cronjob_bandit23.sh &> /dev/null cat /usr/bin/cronjob_bandit23.sh #!/bin/bash myname=$(whoami) mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1) echo "Copying passwordfile /etc/bandit_pass/$myname to /tmp/$mytarget" cat /etc/bandit_pass/$myname > /tmp/$mytarget
I notice whoami give me the current user. In this case bandit22. So I should change that but I wasn’t sure how. Let’s run the script and see what happen.
/usr/bin/cronjob_bandit23.sh Copying passwordfile /etc/bandit_pass/bandit22 to /tmp/8169b67bd894ddbb4412f91573b38db3
So I know if we change from bandit22 to bandit23, we will get a file that have the password for bandit23. The long file name is a hash (md5) from mytarget. Let execute that same line but switch $myname to bandit23. We got another long string and looking at the content of this file in tmp folder gives us the next password.
echo I am user bandit23 | md5sum | cut -d ' ' -f 1 8ca319486bfbbc3663ea0fbe81326349 cat /tmp/8ca319486bfbbc3663ea0fbe81326349 jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n